I think queries still cost cycles in replicated mode.
Thanks @icme, this’ll do the trick nicely 
Sounds like I should guard for security (goes through consensus), and additionally inspect message as a low security initial gate (but one that does a better job of avoiding unnecessary cycle drain).
Do you know if calls to serve up canister logs are replicated query calls (if there’s consensus involved I expect it costs cycles)?
Assuming this is the case do you know if there are similar ways to protect requests serving up logs? The endpoint isn’t something implemented by the canister developer.
If log access is whitelisted, presumably there would be a small amount of cycle drain to check if the principal is authorised (if logs are served up in replicated mode). Or does access control also take place at the inspect_message level to avoid this?